Hello,
I'm trying to parse the following wildfly log format:
2021-02-16 00:01:34,505 ERROR [org.springframework.boot.cttt.web.ErrorPageFilter] (default task-48) Forwarding to error page from request [/user/history] due to exception [org.hibernate.exception.DataException: could not execute statement]: javax.persistence.PersistenceException: org.hibernate.exception.DataException: could not execute statement
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1763) [hibernate-entitymanager-4.3.11.Final.jar:4.3.11.Final]
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1677) [hibernate-entitymanager-4.3.11.Final.jar:4.3.11.Final]
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1683) [hibernate-entitymanager-4.3.11.Final.jar:4.3.11.Final]
at org.hibernate.jpa.spi.AbstractEntityManagerImpl.persist(AbstractEntityManagerImpl.java:1187) [hibernate-entitymanager-4.3.11.Final.jar:4.3.11.Final]
at sun.reflect.GeneratedMethodAccessor99.invoke(Unknown Source) [:1.8.0_31]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_31]
at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_31]
at org.springframework.orm.jpa.ExtendedEntityManagerCreator$ExtendedEntityManagerInvocationHandler.invoke(ExtendedEntityManagerCreator.java:344) [spring-orm-4.2.5.RELEASE.jar:4.2.5.RELEASE]
... 166 more
2021-02-16 00:02:35,372 ERROR [io.undertow.request] (default task-42) Undertow request failed HttpServerExchange{ POST /ccc-web-user/error}: java.lang.NullPointerException
2021-02-16 00:03:36,993 SEVERE [com.prompsit.bstweb.urlrules.SpacesRewriteRule] (default task-62) matches: Failed to match the url.: java.lang.IllegalArgumentException: URLDecoder: Incomplete trailing escape (%) pattern
at java.net.URLDecoder.decode(URLDecoder.java:187) [rt.jar:1.8.0_31]
at com.prompsit.bstweb.urlrules.SpacesRewriteRule.matches(SpacesRewriteRule.java:75) [ccc-web-5.40.1-SNAPSHOT.jar:]
at sun.reflect.GeneratedMethodAccessor50.invoke(Unknown Source) [:1.8.0_31]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_31]
at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_31]
at org.tuckey.web.filters.urlrewrite.ClassRule.matches(ClassRule.java:119) [urlrewritefilter-4.0.5.jar:4.0.5]
at org.tuckey.web.filters.urlrewrite.ClassRule.matches(ClassRule.java:101) [urlrewritefilter-4.0.5.jar:4.0.5]
at org.tuckey.web.filters.urlrewrite.RuleChain.doRuleProcessing(RuleChain.java:83) [urlrewritefilter-4.0.5.jar:4.0.5]
I've configured the following grok:
if [type] == "wildfly-error-log" {
grok {
match => [ "message", "%{DATA} %{WORD:loglevel} \[%{DATA:class}\] \(%{DATA:thread}\) %{GREEDYDATA:message}" ]
overwrite => [ "message" ]
}
mutate {
add_field => { "read_timestamp" => "%{@timestamp}" }
}
date {
match => [ "timestamp", "YYYY-MM-DD HH:mm:ss,SSS" ]
remove_field => "timestamp"
}
}
However, in Kibana, the date is when the logstash ingest it, instead of getting the real date from the log ingested.
So instead of 2021-02-16 00:01:34 I get the actual date of ingesting time.
Can you help me please?